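<?php
// digiboard by digitalboom.org
// http://www.digitalboom.org
//
// Information Technology program
// Sirindhorn International Institute of Technology
// Thammasat University, Rangsit Campus
// http://www.siit.tu.ac.th
//
// authors : Bigga , sea
// first created on: 2001 Jun ??
// last modified on: 2008 May 15 by sea
//
// ip retrieving code by mhz
//
// Handles a reply ("answer") submitted for a topic: validates the form
// (name, message text, spam filter, captcha), stores the reply in the
// answers table, bumps the poster's answer count when logged in, re-syncs
// the topic's AnsNum with the real row count and renders a status page.

// captcha verification
session_start();
// The expected captcha text is taken from the session only. Request
// parameters are read explicitly further down, so nothing sent by the
// client can overwrite this value before it is compared.
$string = isset($_SESSION['string']) ? strtoupper((string)$_SESSION['string']) : "";
$typestring = isset($_POST['userstring']) && is_scalar($_POST['userstring'])
 ? strtoupper((string)$_POST['userstring']) : "";

include("settings/config.inc.php");
include("settings/accounts.inc.php");
include("settings/forum.inc.php");
include("lib/util.inc.php");
include("lib/users_function.inc.php");
include("lib/sh.inc.php");
include("lib/spam_check.inc.php");
include_once("captcha/settings.php");

global $db_link, $DGB;

// Request parameters. The former extract($_POST); extract($_GET) let any
// request key overwrite any variable in this scope ($string above, $ok,
// $db_link, ...). Only the keys this page uses are read now. GET takes
// precedence over POST for the same key, exactly as the old extract order did.
$request = $_GET + $_POST;
$msgby     = isset($request['msgby'])     && is_scalar($request['msgby'])     ? trim((string)$request['msgby'])      : "";
$msgdetail = isset($request['msgdetail']) && is_scalar($request['msgdetail']) ? rtrim((string)$request['msgdetail']) : "";
$email     = isset($request['email'])     && is_scalar($request['email'])     ? trim((string)$request['email'])      : "";
$icq       = isset($request['icq'])       && is_scalar($request['icq'])       ? trim((string)$request['icq'])        : "";
// Topic_ID is only ever used as a number (arithmetic, WHERE clauses, URLs),
// so it is coerced to int once here; that also keeps it safe to interpolate.
$Topic_ID  = isset($request['Topic_ID'])  && is_scalar($request['Topic_ID'])  ? (int)$request['Topic_ID']            : 0;

// client's ip address
// $REMOTE_ADDR relied on register_globals; $_SERVER is the supported source.
$ip = isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : "";
// The two HTTP_* values are request headers the client chooses freely; they
// are stored for record only and are escaped like any other input below.
$ip_client = getenv("HTTP_CLIENT_IP");
$ip_xforward = getenv("HTTP_X_FORWARDED_FOR");
$ip_remote = getenv("REMOTE_ADDR");

// validate the inputs
$ok = true;

$meta_reload = "";
$html_title  = "";
$html_msg    = "";

if ($msgby === "") {
 $ok = false;
 $html_msg = "Please enter your name.<br>";
}
if ($msgdetail === "") {
 $ok = false;
 $html_msg = $html_msg."Did you forget to type the message?<br>";
}
if ($Topic_ID <= 0) {
 $ok = false;
 $html_msg = $html_msg."Missing topic.<br>";
}

if (is_spam($msgdetail) || is_spammer($msgby,$icq)) {
 $ok = false;
 $html_msg = $html_msg."Nope, you cannot advertise here.<br><br>We don't wanna get rich by annoying people. We just work hard and believe in hard work. We also don't want 
any Xanax or Viagra, unlike your daddy.<br><br>And please do us a favor: Fuck yourself and get lost! <br><br>";
}

$db_link = dgb_db_connect();
// NOTE(review): table name is hard-coded here while every other query uses
// $DGB['DB_TOPICS_TABLE'] -- confirm both refer to the same table.
$qLastestTopic = mysql_query("SHOW TABLE STATUS LIKE 'wb_topics'", $db_link);
if (!$qLastestTopic) {
 // keep the driver's error text in the server log rather than in the page
 error_log("post answer: SHOW TABLE STATUS failed: " . mysql_error($db_link));
 die("Query failed.<br/>");
}
$rLastestTopic = mysql_fetch_assoc($qLastestTopic);
$LastestTopic = $rLastestTopic ? (int)$rLastestTopic['Auto_increment'] : 0;

//Captcha checking
// The captcha is only enforced for topics more than 500 ids behind the
// newest one (i.e. replies to old threads); $string and $typestring are both
// upper-cased strings, so a strict comparison is the right one.
if (($LastestTopic - $Topic_ID > 500)&&(($string !== $typestring) || (strlen($string) <= 4))) {
 $ok = false;
 $html_msg = $html_msg."<font color=red>Your CAPTCHA is not correct.</font><br>";
}

// if the inputs are valid
if ($ok) {
 //Clear Captcha session when it's correct :D
 session_destroy();
 //Check User Login
 $cookie_user = isset($_COOKIE['Username']) ? (string)$_COOKIE['Username'] : "";
 $cookie_pass = isset($_COOKIE['Password']) ? (string)$_COOKIE['Password'] : "";
 // NOTE(review): the return value of shad2pw() was never used; the call is
 // kept for whatever side effect lib/sh.inc.php gives it -- confirm there.
 shad2pw($cookie_pass);
 $AlreadyLogin = CheckUser($cookie_user, $cookie_pass, $db_link, $DGB['DB_USERS_TABLE']);
 if ($AlreadyLogin == "1") {
  // tag the display name so readers can tell a logged-in poster apart
  if ($cookie_user == $msgby) {
   $msgby .= "[RegisterUserLogin]";
  } else {
   $msgby .= "($cookie_user [RegisterUserLogin])";
  }
 } else {
  // an anonymous poster must not be able to fake the logged-in tag
  $clearfakemsg = "[RegisterUserLogin]";
  $clearfakemsg_txt = "";
  $msgby = str_replace($clearfakemsg, $clearfakemsg_txt, $msgby);
 }

 // prepare input for database
 // Every value interpolated into SQL goes through the connection's escaper.
 // The original only slash-escaped msgby/msgdetail and interpolated email,
 // icq, the IP headers and the Username cookie raw.
 $sql_msgby     = mysql_real_escape_string($msgby, $db_link);
 $sql_msgdetail = mysql_real_escape_string($msgdetail, $db_link);
 $sql_email     = mysql_real_escape_string($email, $db_link);
 $sql_icq       = mysql_real_escape_string($icq, $db_link);
 $sql_ip        = mysql_real_escape_string($ip, $db_link);
 $sql_ip_client   = mysql_real_escape_string((string)$ip_client, $db_link);
 $sql_ip_xforward = mysql_real_escape_string((string)$ip_xforward, $db_link);
 $sql_ip_remote   = mysql_real_escape_string((string)$ip_remote, $db_link);

 $NowTimeStamp  = time();
 // TIME_OFFSET is in hours; PostTime is stored in the board's local time
 $NowTimeStamp_Offsetted  = $NowTimeStamp-($DGB["TIME_OFFSET"]*3600);

 $posttime = date("Y-m-d H:i:s", $NowTimeStamp_Offsetted);

 $query =
  "INSERT INTO ".$DGB['DB_ANSWERS_TABLE'].
  " (Topic_ID, PosterName, PosterEmail, PosterICQ, PostTime, IP, Message , IP_Client, IP_Xforward, IP_Remote)
  VALUES
  ('$Topic_ID', '$sql_msgby', '$sql_email', '$sql_icq', '$posttime', '$sql_ip', '$sql_msgdetail', '$sql_ip_client', '$sql_ip_xforward','$sql_ip_remote')";

 // start update member post/answer stats
 if($AlreadyLogin=="1") {
  $sql_user   = mysql_real_escape_string($cookie_user, $db_link);
  $sql_pwhash = md5($cookie_pass); // hex digest, nothing to escape
  $query1 = "SELECT TotalAnswerPost   FROM  ".$DGB['DB_USERS_TABLE']." WHERE Username = '$sql_user' and Password='$sql_pwhash'";
  $result1 = mysql_query($query1,$db_link);
  $data1 = $result1 ? mysql_fetch_row($result1) : false;
  // value increment by 1
  $TotalAnswerPost  = ($data1 ? (int)$data1[0] : 0)+1;
  $query2 = "UPDATE ".$DGB['DB_USERS_TABLE']." SET TotalAnswerPost  ='$TotalAnswerPost' WHERE Username='$sql_user' and Password = '$sql_pwhash'";
  mysql_query($query2,$db_link);
 }
 // end update member post/answer stats

 $result = mysql_query($query,$db_link);

 if ($result) {
  // counts the actual answers from answers table
  $c_query = "SELECT COUNT(*) FROM ".$DGB['DB_ANSWERS_TABLE'].
   " WHERE Topic_ID='$Topic_ID'";

  // gets AnsNum from topics table
  $g_query = "SELECT AnsNum FROM ".$DGB['DB_TOPICS_TABLE'].
   " WHERE Topic_ID='$Topic_ID'";

  // Re-sync the topic's AnsNum with the real answer count. Concurrent posts
  // can make the two differ, so the count/update/verify cycle is repeated --
  // but only a bounded number of times: the original looped until they
  // matched, which never terminates when one of the two queries fails.
  $max_sync_attempts = 5;
  $attempt = 0;
  $synced = false;
  do {
   // count
   $c_result = mysql_query($c_query,$db_link);
   $c_row    = $c_result ? mysql_fetch_row($c_result) : false;
   $c_ansnum = $c_row ? (int)$c_row[0] : 0;

   // update
   // (built inside the loop so it picks up the fresh $c_ansnum)
   $sync_query =
    "UPDATE ".$DGB['DB_TOPICS_TABLE'].
    " SET AnsNum=($c_ansnum), AnsTime='$posttime' WHERE Topic_ID='$Topic_ID'";
   $result = mysql_query($sync_query,$db_link);

   // verify
   $g_result = mysql_query($g_query,$db_link);
   $g_row    = $g_result ? mysql_fetch_row($g_result) : false;
   $g_ansnum = $g_row ? (int)$g_row[0] : 0;

   $synced = ($c_row && $g_row && $c_ansnum === $g_ansnum);
   $attempt++;
  } while (!$synced && $attempt < $max_sync_attempts);

  if ($result && $synced) {
   $html_title = "Posted";
   $html_msg   = "<b>Message posted.</b>";
  } else {
   $html_title = "Posted (!)";
   $html_msg   = "<b>Message posted, but cannot update the answer number.</b>";
  }
  // $Topic_ID is an int, so it is safe inside the href and the meta URL
  $html_msg =
   $html_msg."<br><br><a class=\"linkBtn\" href=\"read.php?Topic_ID=$Topic_ID\">back to message</a>";

  $meta_reload =
   "<meta http-equiv=\"refresh\" content=\"3; URL=read.php?Topic_ID=$Topic_ID\">";
 } else {
  $html_title = "Cannot post";
  $html_msg   = "<b>Message was not posted, cannot access database.</b><br>".
   "<br><a class=\"linkBtn\" href=\"javascript: history.back()\">Go back and try again</a>";
 }
} else {
 $html_title = "Not posted";
 $html_msg = $html_msg."<b>Message was not posted.</b><br>".
  "<br><a class=\"linkBtn\" href=\"javascript: history.back()\">Go back to complete it</a>";
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?=$DGB["ENCODING"];?>">
<?=$meta_reload;?>
<title><?=$html_title;?></title>
<link rel="stylesheet" href="<?=$DGB["STYLESHEET"];?>" type="text/css">
</head>

<body bgcolor="#FFFFEE">
<table width="100%" height="100%" border=0 cellspacing=0 cellpadding=0>
<tr>
<td  valign="middle">

<table width="50%" align="center" border=0 cellpadding=1 cellspacing=0 bgcolor="#cccccc">
 <tr>
  <td class="tpInfo"><b>&nbsp;<?=$html_title;?></b></td>
 </tr>
 <tr>
  <td>
   <table width="100%" align="center" border=0 cellspacing=0 cellpadding=0 bgcolor="#fefefe">
    <tr class="tpMsg" align="center">
     <td>
      <br><?=$html_msg;?><br>
     </td>
    </tr>
    <tr class="tpPosterInfo" align="right">
     <td>&nbsp;</td>
    </tr>
   </table>
  </td>
 </tr>
</table>

</td>
</tr>
</table>
</body>
</html>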
